Robert Falcone, Author at Unit42

A conceptual image representing cybercrime, such as the use of the NGLite backdoor described here and the KdcSponge credential-stealing tool.

37,615

people reacted

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

By Robert Falcone, Jeff White and Peter Renals
November 7, 2021 at 6:00 PM

18 min. read

35,688

people reacted

Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools

By Robert Falcone, Alex Hinchliffe and Quinn Cooke
July 15, 2021 at 3:00 AM

23 min. read

A conceptual image representing the new cryptocurrency stealer, WeSteal.

32,499

people reacted

New Shameless Commodity Cryptocurrency Stealer (WeSteal) and Commodity RAT (WeControl)

By Robert Falcone and Simon Conant
April 29, 2021 at 12:01 AM

9 min. read

A conceptual image representing espionage, such as the attempted (but unsuccessful) credential harvesting discussed here.

27,834

people reacted

Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials

By Robert Falcone
April 15, 2021 at 6:00 AM

8 min. read

The BumbleBee webshell, conceptually illustrated here, was discovered as part of an investigation of the continued xHunt campaign.

31,080

people reacted

xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement

By Robert Falcone
January 11, 2021 at 12:01 AM

25 min. read

Conceptual image illustrating Egregor ransomware.

27,434

people reacted

Threat Assessment: Egregor Ransomware

By Doel Santos, Brittany Barbehenn and Robert Falcone
December 8, 2020 at 6:00 PM

5 min. read

A conceptual image illustrating the concept of espionage, including the type of stealthy activity using backdoors that threat researchers observed the xHunt campaign using.

31,501

people reacted

xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control

By Robert Falcone
November 9, 2020 at 12:00 AM

12 min. read

An illustration of the concept of ransomware, including Thanos

42,873

people reacted

Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa

By Robert Falcone
September 4, 2020 at 6:00 AM

13 min. read

Conceptual image illustrating WastedLocker ransomware

34,523

people reacted

Threat Assessment: WastedLocker Ransomware

By Alex Hinchliffe, Doel Santos, Adrian McCabe and Robert Falcone
July 30, 2020 at 6:00 AM

4 min. read

A conceptual illustration showing a world map along with icons representing malware and other tools used by malicious actors

35,449

people reacted

OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory

By Robert Falcone
July 22, 2020 at 6:00 AM

18 min. read

48,311

people reacted

Updated BackConfig Malware Targeting Government and Military Organizations in South Asia

By Alex Hinchliffe and Robert Falcone
May 11, 2020 at 9:30 PM

16 min. read

35,160

people reacted

APT41 Using New Speculoos Backdoor to Target Organizations Globally

By Bryan Lee, Robert Falcone and Jen Miller-Osborn
April 13, 2020 at 5:45 PM

7 min. read

33,874

people reacted

Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations

By Robert Falcone, Bryan Lee and Alex Hinchliffe
March 3, 2020 at 6:00 AM

28 min. read

35,827

people reacted

Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations

By Robert Falcone
February 3, 2020 at 6:00 AM

13 min. read

22,966

people reacted

xHunt Campaign: New Watering Hole Identified for Credential Harvesting

By Brittany Barbehenn and Robert Falcone
January 27, 2020 at 6:00 PM

7 min. read

Posts created by: Robert Falcone

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools

New Shameless Commodity Cryptocurrency Stealer (WeSteal) and Commodity RAT (WeControl)

Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials

xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement

Threat Assessment: Egregor Ransomware

xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control

Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa

Threat Assessment: WastedLocker Ransomware

OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory

Updated BackConfig Malware Targeting Government and Military Organizations in South Asia

APT41 Using New Speculoos Backdoor to Target Organizations Globally

Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations

Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations

xHunt Campaign: New Watering Hole Identified for Credential Harvesting

Popular Resources

Legal Notices

Account

Trending

Popular Resources

Legal Notices

Account